Add addpath support to EVPN #18759
Open
Add addpath support to EVPN #18759
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Force push: missing signed-off-by and style fixes as noted by CI |
ton31337
reviewed
May 7, 2025
This should make addpath work for EVPN when routes "pass-by" the BGP instances without changing AFI (i.e. when not import/exporting to EVPN). Signed-off-by: Tuetuopay <[email protected]>
@ton31337 if you mean setting If you mean an EVPN (like our R2 in the topotest), as I think you mean since it's the issue at hand:
I added two scenarios in the topotest to ensure those work. |
donaldsharp
reviewed
May 8, 2025
This will properly generate multipath EVPN paths when the IPv4/IPv6 unicast one is multipath, properly forwarding AddPath IDs for multipath EVPN propagation. All paths will be forwarded to EVPN (even not selected ones), for filtering later with `addpath-tx-all-paths` or `addpath-tx-best-path`. Signed-off-by: Tuetuopay <[email protected]>
Signed-off-by: Tuetuopay <[email protected]>
When the overlay index is NONE (i.e. use the router's mac), even if we export multiple paths, they will all point to ourselves. However, when the `gateway-ip` option is enabled, receiving VTEPs can infer multiple paths should they have access to the overlay index. This is indeed what FRR does when recieving type-5 routes bearing such an overlay index. Thus, only export multiple paths through addpath when the user explicitly asks for it with `advertise ipv[46] unicast gateway-ip`. This way, users that don't use the `gateway-ip` flag don't pay the price of multipath. Signed-off-by: Tuetuopay <[email protected]>
For EVPN multipath (when the overlay index mode is `gateway-ip`), the addpath IDs are used to distinguish routes in the EVPN VRF. However, the current logic only counts peers (and peer-groups) that perform any form of TX addpath. This patch counts the `gateway-ip` knob as one "consumer" of addpath tx ids, ensuring they are present even though peers in the VRF don't transmit using addpath. Signed-off-by: Tuetuopay <[email protected]>
Don't output a leading comma `,` for `numPrefix` when there are no
routes before in the object.
The following command:
show bgp l2vpn evpn [route detail] json
Did output the invalid object:
{
,"numPrefix":0,"numPaths":0}
Signed-off-by: Tuetuopay <[email protected]>
This test ensures routes are properly exported to EVPN, handled, and imported from EVPN. Signed-off-by: Tuetuopay <[email protected]>
Since the behavior changes between with and without gateway-ip, it needs to be explicitly mentioned in the docs. Signed-off-by: Tuetuopay <[email protected]>
These two new scenarios ensure we can tune the TX AddPath strategy in EVPN, and switch from one to the other live. Signed-off-by: Tuetuopay <[email protected]>
|
This pull request has conflicts, please resolve those before we can evaluate the pull request. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Hi,
This pull requests implements addpath support to EVPN. This includes:
Rationale
EVPN has a native support for multipath, as the route distinguisher is part of the prefix, since each VTEP is supposed to have its own. In a nutshell, this is already what AddPath does, but in a more explicit way (the distinguisher is part of the prefix) and in a simpler way (the distinguisher is carried across the whole EVPN instance, instead of changing on each speaker).
However, this has a limitation when importing/exporting routes with EVPN: a single VTEP cannot advertise multiple paths to the same overlay prefix in the IP-VRF, as FRR has a single route distinguisher per VRF. A few usecases:
Imbalanced exit paths
When interacting with an outside network, we may have imbalanced exit paths between the PEs and the CEs:
In the above situation, we have three total paths to the outside network. However, without addpath, PE1 will export a single EVPN route to the rest of the fabric, leading to only two paths to the outside network. In classic ECMP scenarios, this creates an imbalance between the CEs where the traffic would be split 25%/25%/50%.
By using addpath, PE1 can signal it has two paths to the external network, giving a better overlay multipathing of 33/33/33. This can be used as a workaround for vendors not supporting weighted ECMP, by feeding them all paths. In addition, this enables BGP inspection tools to see which paths are present.
Note: the above scenario can easily be attained with dual redundant connections with 4 CEs, when one of the four fails.
Import/export performed out-of-band
In virtualized environments, or with many peers with many tenants, or with some inter-tunnel routing setups, one may want to decouple BGP signaling from the actual router performing the forwarding.
In centralized gateway models, the actual routers are often redundant, anycasted, and even sometimes using anycast VTEP setups. This makes peering with them through the overlay impractical: implementation details of "how many" there are leak out; if not impossible when they are anycast VTEPs. Thus, the signaling needs to be performed out-of-band, acting like a route-server that also imports/exports routes to EVPN, leveraging Gateway-IP overlay indexes to carry overlay routing information to the actual router(s).
For the N unicast gateways to know about both CE1 and CE2, PE1 would need either a route distinguisher per CE, or AddPath.
Another usecase for out-of-band would be in distributed routing, e.g. on hypervisors. If we consider CEs to be VMs and PEs to be hypervisors running FRR, live-migration scenarios would ensure the BGP session to flap, as it would reconnect to the new hypervisor. It also mandates shuttling around FRR configurations, increasing the failure chances. One would want to push the peering outside of the hypervisor, keeping the session alive and reducing configuration changes.
Approach
Pretty much all EVPN functions handling type-5 routes were enriched with addpath IDs, and those are used to distinguish the routes during export. The IPv[46] unicast path's addpath TX ID is used as the EVPN path's addpath RX ID. This, however, required a large change into where EVPN hooks itself for export: it only operated after the VRF's bestpath selection, only getting access to the best path. The new hooks were modeled after MPLS VPN leaking, as it's conceptually pretty close.
Route import was not touched as it worked out of the box; and to avoid breaking installation of other route types.
The multipath behavior is only enabled when the
advertise <ipv4|ipv6> unicastknob bears thegateway-ipflag, in which case, all paths are exported to EVPN, and addpath TX IDs are generated for the VRF.addpath-tx-all-pathsneeds to be enabled on EVPN peers.Other words
First of all, thank you for taking the time to review this PR, and for any feedback you might provide. Thanks also for this great piece of software!
I am, of course, open to changes in the approach taken there; and to more topotest scenarios.